Security Lock Down

Posted on 2010-01-11
Medium Priority
Last Modified: 2013-12-04
Hello, I am looking for a software and or a way to lock down all the PCs on a network to ensure they are secure from data theft directly from USB and other devices, need the cut and paste facility disabled etc, must ensure there is no way for data to be stolen directly and indirectly i.e emailing data etc, ensure no method of taking and connecting personal devices or printers etc or bypassing systems, ensuring no method by which these devices can attach or link to remove data. We must also know if someone is trying to use third part facilities, ensure no way to load 3rd party software onto systems to remove client data or somehow facilitate other mechanisms.

This might sound extreme  but thats what we need to do.

Please make suggestions and recommendations.
Question by:Scootek
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 21

Accepted Solution

farazhkhan earned 900 total points
ID: 26287329

Well this will cover in details what security you need to impose and how, although this article is for securing terminal sessions but you can apply the same setting in a GPO to your domain users: http://support.microsoft.com/kb/278295

The only thing would remain is USB blocking, you need to get custom ADM for doing that, check this: http://www.petri.co.il/disable_usb_disks_with_gpo.htm

Faraz H. Khan
LVL 24

Assisted Solution

Eirman earned 300 total points
ID: 26287732
If you could restrict access to the PC case itself and just allow access to the monitor/keyboard/mouse that would go a long way. Some PC cases allow padlocks to be fitted. You can very easily disconnect all you USB ports - this can never be circumvented unless the case is opened.

Whatever you do make sure that your data is always encrypted - If someone walks out with your server under their arm, they will never be able to access the data. Bestcrypt from jetico.com is very flexible. It allows you to set up an encrypted container for all your data and to assign say five passphrases to five people. You then decide that any say three of the five users can open the container.
LVL 24

Expert Comment

ID: 26287757
Useful search term - pc kiosk software
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 56

Assisted Solution

McKnife earned 300 total points
ID: 26289026
Scootek, give us some insight on what we have here.
I am asking because even with the most restricted settings, the user is still able to view the documents, right? If he can view those, he can bring a camera (inside his mobile maybe) and simply film the screen while reading through the documents. The recorded quality might be far better then you think of.
So are you talking about thousands of documents (which would mean a lot of work doing film/photo recorded hard copies) or what?

Author Comment

ID: 26291235
Hello Guys,

Thank you to everybody for their replies so far. As McKnife asked for more information, here it is:

Firstly, it's an organisation where data is very valuable (financial services) and employees will try and take data if they get a chance and sell it to new employer or the highest bidder. The employees are generally highly educated and have very good knowledge of IT.

The current setup is that the PC's are acting as dumb terminals although they are fully fledged PC's. They are using hosted desktop (cloud).

If you need more info let me know. I would be willing to do whatever necessary to put in a serious solution.

What can I use to stop or dsisable CUT AND PASTE facility?

McKnife the camera point is pretty good - we will work on either stopping people taking in camera phones or putting on a screen that you can't picture.

Author Closing Comment

ID: 31676260
Thank you for you help.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question